CodeProject: Simple HTTP Reverse Proxy with ASP.NET and IIS. Free source code and programming help

Announcements

	Windows 7 Comp Win a laptop!
	Monthly Competition

Articles

Desktop Development

Web Development

Enterprise Systems

Content Management Server

Microsoft BizTalk Server

SQL Reporting Services

Platforms, Frameworks & Libraries

Windows Communication Foundation

Windows Presentation Foundation

Windows Workflow Foundation

Cryptography & Security

Threads, Processes & IPC

WinHelp / HTMLHelp

Uncategorised Quick Answers

Graphics / Design

Expression

Usability

Development Lifecycle

Debug Tips

Design and Architecture

Uncategorised Technical Blogs

Services

Code-signing Certificates

Job Board

CodeProject VS2008 Addin

Feature Zones

Product Showcase

Code Signing Resources

WhitePapers / Webcasts

ASP.NET Web Hosting

Advanced Search
Add to IE Search

Discuss

Report

24 votes for this article.

Popularity: 5.41 Rating: 3.92 out of 5

Introduction

Sample Image - reverse-proxy.png

A reverse proxy is the same as a proxy except instead of delivering pages for internal users, it delivers them for external users. It can be used to take some load off web servers and provide an additional layer of protection. If you have a content server that has sensitive information that must remain secure, you can set up a proxy outside the firewall as a stand-in for your content server. When outside clients try to access the content server, they are sent to the proxy server instead. The real content resides on your content server, safely inside the firewall. The proxy server resides outside the firewall, and appears to the client to be the content server.

Where to use?

If you have an intranet with IP filtered security, you can offer the functionality of external consultation. You must just add the authentication system of your choice.

Functionality

This reverse proxy can run in two modes:

Mode 0: all web sites can be requested by clients with an URL like http://RevrseProxyURL/http//www.site.com/
Mode 1: only one web site can be requested. When the user requests the web application address, the proxy returns the content of this web site.

You can setup this mode in the web configuration file of you web application:

<appSettings>
    <!-- PROXY Mode
  0 : all web site can be requested by a client with 
      an url like http://ReverseProxyURL/http//www.site.com/
  1 : Only on web site can be resuested by clients, \
      In this case Web Application uses RemoteWebSite variable 
      to deliver the content of the web site.
    -->
   <add key="ProxyMode" value="1" />
   <add key="RemoteWebSite" value="http://www.codeproject.com/">http://www.codeproject.com/" />
</appSettings>

The code

Create an HttpHandler to intercept all requests:

using System;
using System.Configuration;
using System.Web;
using System.Net;
using System.Text;
using System.IO; 
namespace ReverseProxy
{
  /// <summary>

  /// Handler that intercept Client's request and deliver the web site

  /// </summary>


  public class ReverseProxy: IHttpHandler
  {
    /// <summary>

    /// Method calls when client request the server

    /// </summary>

    /// &;lt;param name="context">HTTP context for client</param>


    public void ProcessRequest(HttpContext context)
    {
      //read values from configuration 

      fileint proxyMode = 
        Convert.ToInt32(ConfigurationSettings.AppSettings["ProxyMode"]);
      string remoteWebSite = 
        ConfigurationSettings.AppSettings["RemoteWebSite"];
      string remoteUrl;
      if (proxyMode==0)
        remoteUrl= ParseURL(context.Request.Url.AbsoluteUri);
      //all site 

      acceptedelseremoteUrl= 
        context.Request.Url.AbsoluteUri.Replace("http://"+
        context.Request.Url.Host+
        context.Request.ApplicationPath,remoteWebSite);
      //only one site accepted

      //create the web request to get the remote stream

      HttpWebRequest request = 
        (HttpWebRequest)WebRequest.Create(remoteUrl);
      //TODO : you can add your own credentials system

      //request.Credentials = CredentialCache.DefaultCredentials;

      HttpWebResponse response;
      try
      {
        response = (HttpWebResponse)request.GetResponse ();
      }
      catch(System.Net.WebException we)
      {
        //remote url not found, send 404 to client 

        context.Response.StatusCode = 404;
        context.Response.StatusDescription = "Not Found";
        context.Response.Write("<h2>Page not found</h2>");
        context.Response.End();
        return;
      }
      Stream receiveStream = response.GetResponseStream();

      if ((response.ContentType.ToLower().IndexOf("html")>=0) 
        ||(response.ContentType.ToLower().IndexOf("javascript")>=0))
      {
        //this response is HTML Content, so we must parse it

        StreamReader readStream = 
          new StreamReader (receiveStream, Encoding.Default);
        Uri test = new Uri(remoteUrl);
        string content;
        if (proxyMode==0)
          content= ParseHtmlResponse(readStream.ReadToEnd(), 
            context.Request.ApplicationPath+"/http//"+test.Host);
        else
          content= ParseHtmlResponse(readStream.ReadToEnd(),
            context.Request.ApplicationPath);
        //write the updated HTML to the client

        context.Response.Write(content);
        //close streamsreadStream.Close();

        response.Close();
        context.Response.End();
      }
      else
      {
        //the response is not HTML 

        Contentbyte[] buff = new byte[1024];
        int bytes = 0;
        while( ( bytes = receiveStream.Read( buff, 0, 1024 ) ) > 0 )
        {
          //Write the stream directly to the client 

          context.Response.OutputStream.Write (buff, 0, bytes );
        }
        //close streams

        response.Close();
        context.Response.End();
      }
    }

    /// <summary>

    /// Get the remote URL to call

    /// </summary>

    /// <param name="url">URL get by client</param>

    /// <returns>Remote URL to return to the client</returns>


    public string ParseURL(string url)
    {
      if (url.IndexOf("http/")>=0)
      {
        string externalUrl=url.Substring(url.IndexOf("http/"));
        return externalUrl.Replace("http/","http://") ;
      }
      else
        return url;
    }

    /// <summary>

    /// Parse HTML response for update links and images sources

    /// </summary>

    /// <param name="html">HTML response</param>

    /// <param name="appPath">Path of application for replacement</param>

    /// <returns>HTML updated</returns>

    public string ParseHtmlResponse(string html,string appPath)
    {
      html=html.Replace("\"/","\""+appPath+"/");
      html=html.Replace("'/","'"+appPath+"/");
      html=html.Replace("=/","="+appPath+"/");
      return html;
    }
    ///

    /// Specifies whether this instance is reusable by other Http requests

    ///

    public bool IsReusable
    {
      get
      {
        return true;
      }
    }
  }
}

Configure the handler in web.config

You must add these lines in web.config file to redirect all user queries to the HTTPHandler:

<httpHandlers>
   <add verb="*" path="*" type="ReverseProxy.ReverseProxy, ReverseProxy" />
</httpHandlers>

Configure IIS

If you want to process a request with any file extension, then you need to change IIS to pass all requests through to the ASP.NET ISAPI extension. Add the HEAD, GET and POST verbs to all files with .* file extension and map those to the ASP.NET ISAPI extension - aspnet_isapi.dll (in your .NET framework directory). The complete range of mappings, includes the new .* mapping.

TODO's

Now, you can develop your own security system, based on form, Windows or passport authentication.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Vincent Brossier

Member

Vincent Brossier is a software engineer from Paris, FRANCE, specializing in .Net.
Vincent is in charge of development of the Parisian university's Intranet, I take part in a nationnal project of numerical campus.
His role is to seek best technicals solutions to satisfy the 35000 users of this Intranet. Specialized in the development of distributed applications, vincent work primarily with technologies microsoft .NET (C#, ASP.NET, Webservices, SQLServer) even if he have also work with java technologies (Peer-to-peer sharing documents tool).
Vincent have also set up Open-Source solutions such as SPIP in nursery schools.
When he's not programming, he enjoys playing Guitar.

Occupation:	Web Developer
Location:	France

Other popular Web Security articles:

Role-based Security with Forms Authentication
Provides insight and tips on using role-based (groups) Forms Authentication in ASP.NET, which has only partial support for roles.
Switching Between HTTP and HTTPS Automatically: Version 2
An article on automatically switching between HTTP and HTTPS protocols without hard-coding absolute URLs
Forms authentication and Role based authorization: a quicker, simpler, and correct approach
This article describes a correct and smarter way of implementing Role based authorization with Forms authentication in ASP.NET.
Securing ASP.NET Applications
This article takes a look at two recent attacks on web applications and how they were perpetrated. Then it dives head first into a litany of different potential security holes and more importantly, how to plug them in ASP.Net.
HttpSecureCookie, A Way to Encrypt Cookies with ASP.NET 2.0
Discussing how to encode and tamper-proof text and cookies using the MachineKey, by using reflection.

Article Top

You must Sign In to use this message board.

FAQ
Noise Tolerance Layout Per page

Msgs 1 to 25 of 74 (Total in Forum: 74) (Refresh)

FirstPrevNext

How to set it up?

maria_mir

21:48 7 Jul '09

I cannot figure out how to set up the demo project at my side. There are no installation instructions, only the global and web.config and a dll. How to start with it now?
Sign In·View Thread·PermaLink

Re: How to set it up?

maria_mir

23:18 12 Jul '09

Following are its deployment instructions;

1. Create a new directory named Handler under the C:\Inetpub\Wwwroot directory.
2. Copy the bin directory with the dll (ReverseProxy dll) and the web.config in the Handler directory.
3. Follow these steps to mark the new Handler directory as a Web application:
4. Open Internet Services Manager.
o Right-click the Handler directory, and then click Properties.
o On the Directory tab, click Create.
o Follow these steps to create an application mapping for the handler. For this handler, create a mapping to the Aspnet_isapi.dll file for the .* extension.
o Right-click on the Handler Web application, and then click Properties.
o On the Directory tab, click Configuration.
o Click Add to add a new mapping.
o In the Executable text box, type the following path: Microsoft Windows 2000:
 C:\WINNT\Microsoft.NET\Framework\<version#>\Aspnet_isapi.dll
o Microsoft Windows XP:
 C:\WINDOWS\Microsoft.NET\Framework\<version#>\Aspnet_isapi.dll
o In the Extension text box, type .*
o Make sure that the Check that file exists check box is cleared
o Double click the path textbox if OK button is not enabled; and then click OK to close the Add/Edit Application Extension Mapping dialog box.
o Click OK to close the Application Configuration and the Handler Properties dialog boxes.
o Close Internet Services Manager.

Now browse to http://localhost/Handler/http//www.google.com – for mode 0
And http://localhost/Handler/ - for mode 1

Some changes

rickleb

7:16 21 Mar '09

I used this code to set up another IIS 6 website in parallel with my public site. This is a secure (SSL) site. So I wanted to use https externally to access internal http servers (Nagios running on Apache on Linux). Here is a summary of the changes that I made. First, note that I did not test the "all sites" proxy mode, just the individual site mode.

So my IIS 6 setup looks like this:

Default site (my primary HTTPS site)
nagios1 (my first nagios server)
nagios2 (my second nagios server)

nagios1 and nagios2 each have the ReverseProxy application installed in the root. On IIS 5 & 6, if you want to map all mime types to the ihttphandler, you must do it for the entire site. That is why I didn't just use a virtual directory. IIS 7 removes this restraint.

The first change was to this section:

 string remoteUrl;
 if (proxyMode==0)
    remoteUrl= ParseURL(context.Request.Url.AbsoluteUri); //all site accepted
 else
   remoteUrl= context.Request.Url.AbsoluteUri.Replace("http://"+
         context.Request.Url.Host+context.Request.ApplicationPath,remoteWebSite);

There were 2 issues. The first was that "http://" was hard coded. Wouldn't work for https. In my case, the external site was https and internally it was http. After the following changes, this wasn't an issue. The second issue was that sometimes "proxy.aspx" was in the URL, sometimes not. I put some code in to check for this as well:

 string remoteUrl;

 string sProtocol = context.Request.Url.Scheme + "://" + 
           context.Request.Url.Host +  context.Request.ApplicationPath;
 remoteUrl = context.Request.Url.AbsoluteUri.Replace(sProtocol, remoteWebSite); //only one site accepted
 int iLength = remoteUrl.LastIndexOf("proxy.aspx");
 if (iLength > 0)
    remoteUrl = remoteUrl.Substring(0, iLength);

A second issue was that on any error, "404" was returned, which made it very hard to determine what the real back end error was. I changed the exception block to pass along the backend error with a description:

Original code:

 catch(System.Net.WebException we)
 {
 //remote url not found, send 404 to client 
	context.Response.StatusCode = 404;
	context.Response.StatusDescription = "Not Found";
	context.Response.Write("Page not found
");
	context.Response.End();
	return;
 }

New code:


 catch(System.Net.WebException we)
 {
	int		iStatus;
	string	sStatus;
	//remote url not found, send status to client 
	sStatus = we.ToString();
	int iIndex = we.ToString().IndexOf('(');
	iStatus = 491; // Our own error code if theirs is invalid - unlikely
	if (iIndex != -1)
            iStatus = Convert.ToInt32(we.ToString().Substring(++iIndex, 3));
	context.Response.StatusCode = iStatus;
	context.Response.StatusDescription = we.Message;
	context.Response.Write("From ReverseProxy - " + we.Message + 
            "


" + we.Data + "
URL: " +
                   we.Response.ResponseUri + "

");
	context.Response.End();
	return;
 }

Lastly, the remapping of the links didn't work if the application was in the web site's root directory. This was because the replacement string was basically a single '/'. In this case, the browser would not have the correct relative path or the absolute path.

The solution was easy. Pass the absolute path. So

content= ParseHtmlResponse(readStream.ReadToEnd(),context.Request.ApplicationPath);

becomes

content = ParseHtmlResponse(readStream.ReadToEnd(), sProtocol);

Note that "sProtocol" was calculated above.

And finally, change ParseHtmlResponse from

 public string ParseHtmlResponse(string html,string appPath)
 {
	html=html.Replace("\"/","\""+appPath+"/");
	html=html.Replace("'/","'"+appPath+"/");
	html=html.Replace("=/","="+appPath+"/"); 
	return html;
 }

 public string ParseHtmlResponse(string html,string appPath)
 {
	html = html.Replace("\"/", "\"" + appPath);
	html = html.Replace("'/", "'" + appPath);
	html = html.Replace("=/", "=" + appPath); 
	return html;
 }

Since the trailing backslash is already included in sProtocol.

These changes did not break the way the code worked originally, but they do make it more robust and work in more environments.

Finally, to save others a lot of heartache, here is a link to an article on how to create a server certificate that can be shared by different sites on the same machine using SSL host headers. This is non-obvious, and you can't have multiple SSL sites without it.

http://thelazyadmin.com/blogs/thelazyadmin/archive/2006/06/16/IIS-6.0-and-SSL-Host-Headers.aspx[^]

Also, remember that the "common name" for each site must be in DNS so IIS knows which site to direct the request to.

Now you can host multiple servers from a single IIS servers, using https externally and http internally ig you desire.

Hope this helps others.
Rick Bross

Hope this helps others.

Re: Some changes

MunirS

3:04 30 Aug '09

In regards to remapping fo URLS in ParseHTML routine, why would you change all paths to absolutepaths?

Aren't you supposed to leave everything relative to the address on the browser (ie context URL)?

If you point the links to an absolute value, you risk changing the address on the address bar.

Isn't reverse proxy supposed to act as if it supplying the content from the address that the user types in, ie on the browser??

Those who try and those who fry!

Pour Infos

Member 2101441

4:34 24 Sep '08

Salut Vincent
Je t'explique ma problematique:
J'ai un site Web classique les internautes clique sur un lien qui redirige vers une serveur Web situe dans un dmz (la ou j'ai installe ta solution) nesuite le resverse proxy redirige vers des pages html situe sur un serveur dans le lan. Je voudrait implemente une securite au niveau du firewall
mais quand je passe par ta solution si je regarde la variable remote address elle me sort toujours celle de l'internaute et non celle de ton proxy comment faire pour avoir la remote adress correspondant à la machine hebergeant dans la dmz ton proxy
merci à toi

marc.casadaban@gpi-info.net

2.00/5 (2 votes)

Installation Instructions

Chris Spencer

4:17 15 Jul '08

Where is the install documentation? The only files in the ZIP are the Web.config, Global.asax, and the DLL. No readme.txt, install.txt, or anything.
Sign In·View Thread·PermaLink	2.77/5 (12 votes)

Regarding Host Header

pmselvan_2000

9:29 5 Jul '08

My Application requires that the reverse proxy server does not change the host header. It must be forwarded fully transparently from the browser to the server. This is necessary to be able to differentiate between Internet requests and intranet requests.

For example, Apache reverse proxy (mod_proxy) has the configuration option 'ProxyPreserveHost' to support this feature.

This reverse proxy support this above feature. Pls reply as early. Thanks in advance.

Paul

Re: Regarding Host Header

MunirS

2:56 30 Aug '09

I think Paul, you will need to capture each header in the request object and pass them on. This is in order to keep the actual request the same as it was sent from the client. No one is born a .net developer, you become one!
Sign In·View Thread·PermaLink

Error

VJLaks

21:39 16 Jun '08

I got the output, But once i try to navigate from that page I get an error for example: If i call google.com from proxy. I get an error while searching a page from the proxy. What shall I do for that.
Sign In·View Thread·PermaLink	1.00/5 (2 votes)

Derivative Work

Paul Johnston

5:35 4 May '08

Hi,

Interesting code, simple and to the point, thanks for posting it. I've had a need for a slightly more featureful reverse proxy script, mostly that passes headers correctly in both directions. I've coded this up, taking inspiration from your script and another one that used to be online but has disappeared. It's at http://code.google.com/p/iisproxy/[^] if you want to take a look. Hope this is ok by you,

Paul

5.00/5 (1 vote)

Errors

hanisacsouka

3:32 13 Apr '08

I got the following errors in Event Viewer

Event Type: Error
Event Source: W3SVC-WP
Event Category: None
Event ID: 2214
Date: 4/13/2008
Time: 2:18:20 PM
User: N/A
Computer: SERVER
Description:
The HTTP Filter DLL C:\Inetpub\wwwroot\test\bin\ReverseProxy.dll failed to load. The data is the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7f 00 00 00 ...

Event Type: Error
Event Source: W3SVC-WP
Event Category: None
Event ID: 2268
Date: 4/13/2008
Time: 2:18:20 PM
User: N/A
Computer: SERVER
Description:
Could not load all ISAPI filters for site/service. Therefore startup aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7f 00 00 00 ...

http://www.site.com:8080/

hanisacsouka

9:05 12 Apr '08

I need to use your application to open a website on port 8080
Sign In·View Thread·PermaLink	1.67/5 (3 votes)

IIS 7.0

brice2nice

11:50 13 Nov '07

Hi, I try it on IIS 7.0 but I don't know how configure the server. I have made the mapping ISAPI but I have the Error HTTP 403.14 - Forbidden. Have you got any solution ? chears.
Sign In·View Thread·PermaLink	1.54/5 (6 votes)

enabling file download

tarak4v

20:49 5 Sep '07

what if Application sends;P file from server side?? can we enable file passing to the client browser via this proxy...(indirect file LINKING) such as .rar .zip .pdf .exe.. I tried with some of the doc file but as there is stream reader it shows doc file content with some of the garbage value in the browser.. Hope to have your reply soon.. Thanks in advance... TARAK
Sign In·View Thread·PermaLink	1.17/5 (4 votes)

Very usefull for me. View my project for download files from rapidshare.com based on this sample [modified]

W.M. Spon

23:54 29 Jun '07

Very usefull for me. View my project for download files from rapidshare.com based on this sample http://www.xd24.ru/start.aspx Absolutly free download files from rapidshare.com and rapidshare.de via asp.net proxy! No wait! Thanks.
Sign In·View Thread·PermaLink	1.00/5 (4 votes)

I couldnt get it work

jeanmoura

6:01 12 Apr '07

Sorry Vincent, but I couldnt get the reverse proxy work. I tried install the demo in my IIS but it didnt work. I have IIS 6 and I couldnt configure IIS, that file extension you mentioned. What about the reverseproxy.dll? Should I configure it anywhere to get it run? Should I create an virtual directory to this app? Please help best regards from Brazil Jean
Sign In·View Thread·PermaLink	2.00/5 (2 votes)

image path doesnt work

nolovelust

11:45 5 Apr '07

hi i am not sur eif this article watched but proxy does not give correct path for images. for example if you browse google http://localhost/http/google.com images links becomes //http//google.com/images/nav_logo2.png all internal links becomes //http//google.com/.... any ideas how to fix it?
Sign In·View Thread·PermaLink	1.45/5 (4 votes)

Re: image path doesnt work

MySuperName

22:51 11 Jan '09

guys! any ideas how to fix it?
Sign In·View Thread·PermaLink

Bisuits

safari75012

5:52 23 Mar '07

Salut Vincent, Je vais essayer ton reverse proxy sur une machine Windows 2000 server a partir de lundi, mais j'ai une question prealable: Est-ce que ton proxy forwarde des cookies? Ou faudrait-il plus pour cela? Merci en avance, Felix
Sign In·View Thread·PermaLink	1.11/5 (2 votes)

HTTPS support

Deason

19:11 21 Nov '06

Just for information's sake. If you'd like this to support https in mode 1 then simply update the line else statement for mode 1 to be this: `remoteUrl = context.Request.Url.AbsoluteUri.Replace(context.Request.Url.Scheme + "://" + context.Request.Url.Host + context.Request.ApplicationPath, remoteWebSite); //only one site accepted`
Sign In·View Thread·PermaLink	1.00/5 (1 vote)

Reverse proxy apache and IIS

harinath

3:29 28 Oct '06

Hi, Apache does reverse proxy with just simple configuration. Is this feature not available on IIS? I see this article explaining the HTTPHandler solution for rverse proxy option. Let me know if you have any information Thanks Harinath India
Sign In·View Thread·PermaLink	1.00/5 (1 vote)

401 error

mredlon

3:18 14 Sep '06

I tried to redirect to another virtual directory but kept getting file not found even though it existed. I commented out the 404 code and found that the problem was due to error 401 not authorized. Any ideas?
Sign In·View Thread·PermaLink	1.11/5 (2 votes)

Reverse proxy with .css and .aspx files.

yashchawhan

20:40 3 Aug '06

While i am working with the reverse proxy using the downloaded project,i make the changes in the source of the website so that it uses the reverse proxy to get the response.But it is not working with the .css files.i.e,it is not getting these files.Kindly help please....Thanks.. Yashpal A Chawhan
Sign In·View Thread·PermaLink	1.15/5 (5 votes)

Re: Reverse proxy with .css and .aspx files.

MunirS

2:39 30 Aug '09

Did anyone manage to answer this? I guess my answer would be to make sure that the css files + js files are pointing to the correct location and to a location that is accessible from the client. Therefore url mapping on the response content maybe necessary. Please anyone? Thanks for an execllent article! Those who try and those who fry!
Sign In·View Thread·PermaLink	2.00/5 (1 vote)

Reverse Proxy

yashchawhan

3:45 24 Jul '06

I am using the downloaded sample in Mode 1,Then for example when the RemoteWebsite is www.iopsis.com. it shows the contents without images.And then when i click on sublinks like contact us or Services it gives a error saying that page not found.And here while the URL in the begining is http://localhost/ReverseProxy and then when i click on sublink the name of the project ReverseProxy goes and the URL of the sublink is appended to the localhost.Kidly help me to solve this problem.Thanks in advance.

1.80/5 (5 votes)

Last Visit: 16:51 23 Nov '09 Last Update: 16:51 23 Nov '09

12 3 Next »

General News Question Answer Joke Rant Admin